Security Operations Center Analyst

1 week ago


Chennai, Tamil Nadu, India Mindsprint Full time

Position Summary:
The SOC Engineering and Operational Lead Engineer is responsible for the engineering and administration of SOC tools such as SIEM, SOAR and deception technology, with a continuous focus on enabling automation to support SOC tool administration and security incident detection and response.

Roles & Responsibilities:
- Daily operational management of SOC tools, including infrastructure maintenance of SIEM, SOAR and related components.
- Integration of log, alert and enrichment sources with the SOC tools.
- Coordinate with stakeholders to understand each integration source so that an appropriate logging baseline is created and maintained in line with industry standards.
- Ensure appropriate correlation rules are in place for each log source type to detect threats and anomalies.
- Ensure incident types, fields and playbooks are properly defined for automation in SOAR.
- Stay in continuous contact with the Incident Detection and Response team and tune rules and thresholds based on their feedback.
- Evaluate new SOAR, SIEM, log analytics and big-data forensic products (including open source) to keep the tool base in line with industry standards and Olam requirements.
- Interface with stakeholders in different parts of the globe to ensure systems are deployed with the appropriate configuration.
- Develop metrics dashboards to identify trends, anomalies and opportunities for improvement.
- Ensure adequate change management and documentation for SIEM-related changes.
- Periodically review SOC tool architecture, log baselines, rules, asset health, automations and playbooks.
- Ensure high industry standards and brand consistency in all IT projects.
- Work with technology stakeholders to deploy deception decoys.

Profile Description:
- Must have 4+ years of experience in Splunk on-premises and cloud SIEM engineering and administration.
- Hands-on experience implementing, configuring and managing SIEM and SOAR technologies (Splunk, ELK, QRadar, Securonix, Demisto, Google SecOps and ServiceNow SecOps preferred).
- Hands-on experience creating custom correlation rules and alerts, searches and data analytics in Splunk or a similar log analytics tool.
- Hands-on experience creating custom playbooks and automation scripts in SOAR.
- Strong working knowledge of Linux-based operating systems.
- Broad infrastructure and technology background, including a demonstrable understanding of security operations in critical environments.
- Sound analytical and problem-solving skills.
- Some experience with cloud infrastructure such as Microsoft Azure, AWS and GCP.
- Splunk or similar log analytics certification preferred.
- Strong scripting and programming knowledge (Python, PowerShell, VBScript, C/C++, .NET, etc.).

We are Mindsprint
A leading-edge technology and business services firm that provides impact-driven solutions to businesses, enabling them to outpace the speed of change. For over three decades we have been accelerating technology transformation for the Olam Group and their large base of global clients. Working with leading technologies and empowered with the freedom to create new solutions and improve existing ones, we have been inspiring businesses with pioneering initiatives.

Awards received in recent years:
- Best Shared Services in India Award by Shared Services Forum – 2019
- Asia's No.1 Shared Services in Process Improvement and Value Creation by Shared Services and Outsourcing Network Forum – 2019
- International Innovation Award for Best Services and Solutions – 2019
- Kincentric Best Employer India – 2020
- Creative Talent Management Impact Award – SSON Impact Awards 2021
- The Economic Times Best Workplaces for Women – 2021 & 2022
- #SSFExcellenceAward for Delivering Business Impact through Innovative People Practices – 2022

For more info, find us on LinkedIn: Mindsprint



  • Chennai, Tamil Nadu, India SourceHOV Full time

    Key Responsibilities: Level 3 SOC Analyst Incident Response and Investigation: Act as the primary escalation point for Level 2 SOC analysts. Investigate and respond to complex security incidents, ensuring rapid containment, mitigation, and recovery. Conduct root cause analysis and post-incident reviews. Threat Detection and Analysis: Develop advanced...

  • Chennai, Tamil Nadu, India Mizuho Full time

    Mizuho Global Services Pvt Ltd (MGS) is a subsidiary company of Mizuho Bank, Ltd, which is one of the largest banks or so called 'Mega Banks' of Japan. MGS was established in the year 2020 as part of Mizuho's long-term strategy of creating a captive global processing center for remotely handling banking and IT related operations of Mizuho Bank's domestic and...


  • Chennai, Tamil Nadu, India Lexitas Full time

    About the companyLexitas is a high growth company. The Company is built on a belief that having strong personal relationships with our clients, and providing reliable, accurate and professional services, is the driving force of our success.Lexitas offers an array of services including local and national court reporting, medical record retrieval, process...